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(54) Title: SECURING FINANCIAL TRANSACTIONS 



(57) Abstract 

A system for securing financial transactions involving credit 
and charge cards is described. As well as the normal magnetic stripe 
(2), the card includes non visible coded information, for example an 
infra-red readable (but not human eye visible) bar code (3). When the 
card is personalised, data recorded on to magnetic stripe (2) may be 
combined with the bar code (3) arid a randomly generated PIN num- 
ber to produce check digits following a given algorithm. Those check 
digits can be recorded in the magnetic stripe (2). A stand alone vali- 
dator Le. not connected to a mainframe computer, can read both da- 
ta from magnetic stripe (2) and the coded data such as bar code (3) 
and process the data and the PIN number input via a keypad (41) ac- 
cording to the algorithm to produce the check digits if they match, an 
indication validating the proposed transaction can be given, for ex- 
ample a green LED (50) lights up. 
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SECURING FINANCIAL TRANSACTIONS 
This invention relates to securing financial 




In recent years there has been a substantial move to 
cashless financial transaction using, as an essential 
element of the transaction, a plastics card.. A variety 
of such cards, directed to use in differing types of 
10 financial transaction, has emerged* Mention may be made 
of credit cards, charge cards, cheque guarantee cards and 
cash cards. 

Two main methods have emerged for the authentication of 
15 the card at the time of transaction. In the case of 

credit cards, charge cards and cheque guarantee cards, 
this is the signature of the user, which is applied to 
both the caxd (when the user initially receives it) and 
at the time of the transaction , either a credit or charge 
20 card voucher produced by the provider of goods or 

services at the time of the transaction,, or a cheque form 
produced by the card holder in the case of a cheque 
guarantee card. The other method is use of a -personal 
identification number (PIN number) known theoretically 



WO 92/16913 



PCT/GB92/00512 



- 2 - 



♦ *- • 



only to the card holder and for use in cash card 

The requirement for a personal 
number arises from the majority of cash 
card transactions being effected via so called automated 
teller machines, which produce cash for the user without 
the cash dispenser being present in person in the form of 
a human cashier or teller. 



10 



15 



When properly used, the PIN number approach provides a 
relatively high degree of security. Its use is however 
limited by the need to have the number checked and 
correlated with the data on the cash card at the time of 
the transaction. This is conventionally effected by 
connecting the automated teller machine on-line to a 
mainframe computer which/ if a correct PIN number is 
provided by the user of the machine, authorises the 
transaction and enables the machine to dispense the cash , 



20 



25 



30 



While such a system is effective , it requires a very 
substantial investment in mainframe computer back-up and, 
for obvious reasons, tends to "fail safe'* i.e. if the 
correct PIN number is not introduced, or if there is some 
other problem such as the misreading of magnetic data on 
the cash card, the transaction is simply blocked. While 
this is inconvenient to the user at the time, it. 
generally inconveniences no-one else. Hold-ups, however, 
at other financial transaction processing stations, for 
example supermarket check-outs, which might be occasioned 
by a failed transaction of this nature, are unacceptable. 

In situations such as supermarket check-outs, however, 
there is currently neither the equipment available to 
deal with on-line authentication nor would problems of 
delay be acceptable. Instead, authentication is effected 
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by signature. Despite the presumed uniqueness of 
signatures, they do not in fact work very well as a 
security measure. The standard problem with cheque 
guarantee cards is that, despite instructions to the 
contrary, users tend to keep them conveniently with their 
cheque books, and if both are stolen together the thief 
may well be able to learn a passable imitation of the 
signature on the card and then go out and make a 
substantial number of transactions over a short period of 
time before any alarm can be raised. This is clearly 



The present invention sales to provide an improved system 
using an improved form of card and novel authentication 
15 equipment. 

According to a first general feature of the present 
invention there is provided on an authentication card 
having a magnetic strip with magnetically recorded data 
thereon, and additional coded marking which is invisible 
to the naked eye but machine readable. This provides a 
first line of defence against card fraud if it is 
arranged that part of the data recorded magnetically and 
part of the invisibly recorded data are correlated in 
some way since then any magnetic tampering with the 
magnetically recorded data (which is often undertaken by 
professional thieves) will remove the correlation and 
enable a simple self-contained detector unit to show at 
the point of the transaction that the card has been 
30 tampered with. 

* 

Additionally, since the coded marking is invisible to the 
naked eye, it is not immediately apparent usually to the 
would-be card forger, that the marking is there at all. 
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Although the marking is coded, for purposes which appear 
more fully below, the additional marking may also serve 
as a security f eature merely by its presence . Thus if 
the additional marking is effected using a material 
5 having certain physical characteristics and which is one 
not normally found in credit and charge cards, or one the 
synthesis of which is difficult to achieve, a forged card 
may be distinguished from a genuine merely by the 
presence of the material making up the coded marking. 

10 

As noted above, thfe data on the magnetic strip and the 
data in the additional coded marking may be dir ectly 
correlated to enable simple detection of tampering of the 
magnetic data. However, a major advantage of the present 
15 invention is that such data as is coded in the magnetic 
strip and the coded marking may be correlated via a PIN 
number known to the holder of the card but apparent from 
neither the magnetic data nor the invisible data. 

20 Using a card coded in this way, it is possible to 

authenticate a transaction without the necessity of 
referring to a mainframe computer but with a very high 
degree of certainty by reading data from the card, both 
the magnetic data and the ribn-visible data, and 

25 correlating that data with a PIN number provided by the 
card holder at the time of the transaction. The PIN 
number may be inserted into the detector unit by the card 
holder in a fashion which does not reveal the PIN number 
to the. bystander, or for example the cashier, at the 

30 vending establishment. 

A detector unit may be used to validate the transaction. 
Thus according to a further feature of the present 
invention there is provided validation apparatus for use 
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with a card of the type described above which comprises 
means for reading data recorded magnetically on a 
magnetic strip of the card, means for reading data from 
the additional coded marking thereon, personal 
5 identification number input means, a pre-programmed 

processing unit adapted to process data input from the 
magnetic strip coded marking and PIN number inputs and to 
display the results of such processing as a visual 
indication corroborating or denying the validity of a 
1CT proposed transaction. 

Such validator apparatus may be embodied in a relatively 
small, relatively inexpensive unitL. So called swipe 
readers for cards bearing a magnetically coded stripe are 
well known and find application in numerous areas of 
technology, for example in electronic tills and card 
operated telephone boxes. They usually include a channel 
along which the card is passed, either by hand or driven 
by appropriate machinery, so that the magnetic stripe on 
the card passes over a magnetic reading head. 
Conveniently the invisibly coded marking on the card can 
be read at the same time, this generally implying that 
the coded marking extends linearly in a direction 
parallel to that of the magnetic stripe. A preferred 
marking is a bar code type marking which is easily 
applied during manufacture of the card. The bar code 
markxng may be on the same side of the card as the 
magnetic stripe or on the opposite side and the swipe 
reader will need to be constructed accordingly. 

As noted above, the additional coded marking on the card 
is invisible to the naked eye. This can be effected by a 
variety of means, preferred systems being to incorporate 
the mar king in the interior of the card . The marking may 
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be effected in a material which is itself effectively 
invisible (transparent or the same colour as the material 
of card) or it may be made in a material which when 
directly viewed is visible but which is rendered 
5 invisible by being covered with an opaque layer rendering 
it invisible to the human eye but where the opaque layer 
is not opaque to some appropriate form of sensing* For 
example the code may be printed using a material giving a 
detectable infra-red absorption or reflectance but 
10 covered by a material transparent to infra-red radiation 
but opaque to the human eye . Putting the marking in the 
interior of the card also makes it much more difficult 
for a person who wishes to commit fraud by using a stolen 
card to change the data on the card. 

15 

Thus a particularly preferred form of card in accordance 
with the present invention is a plastics card having , 
printed in the interior thereof , a marking readable: at 
non-visible wavelengths, preferably at infra-red 
20 wavelengths, the marking being located between a plastics 
card base and a cover laminated to the base and 
transparent to the wavelength at which the bar code is 
readable . 

25 The. invention as illustrated by way of example in the 
accompanying* drawing which shows diagrammatically card 
manufacture and transaction validation using the card. 

Referring to the drawing this shows at the top left a 
30 stylised credit card 1 which may be of standard shape and 
size. On one side of the card is a magnetic stripe 2 of 

■ 

standard construction. Also printed on the card is a bar 
code 3 and a patch 4. Bar code 3 and patch 4 may be made 
of the same material or may be different. 
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Although barcode 3 is shown' on the drawing for clarity 
visibly f it may be printed in a material visually 
indistinguishable from the background. Barcode 3 and 
patch 4 may be printed on the card base and then covered 
with/ for example , a visually opaque, infra-red 
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20 



25 



The bar code 3 and patch 4 may be printed on the card or 
on a layer making up the card by any convenient means. 
Ink jet printing of bar codes is a convenient and 
inexpensive means of printing bar codes on successive 
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for reasons indicated below. 

Cards of the type illustrated in the top left of the 
accompanying drawing, and including e.g. printing with 
graphic material indicative of the dint ended card issuer 
are produced by standard mass production processes. 
However for use, cards must carry data personal to the 
user. Standard machines are accordingly available in 
commerce for processing pre-manufactured cards to 
personalise them. A typical such machine is commercially 
available under the trade designation Datacard 4650 from 
Data Card Limited and its affiliates. Other card 
embossing and recording systems are available from other 
manufacturers.. 



30 



In the drawing, such a machine is represented 
diagrammatically by box 10 having ah input tray 11 for 
cards to be personalised and an output delivery 12 where 
cards which have been processed collect. 

The card embossing and recording system 10 is connected 
via a suitable data transmission links 15 and 16 with a 
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mainframe computer schematically indicated at 20 and 
under the control of the card issuer, for example a bank, 
finance company or the like* 



m 




771 


• 



recording system 10 as follows: 

The invisible bar code 3 is read by a suitable reader 
within unit 10. This is fed via data transmission line 

10 15 to the mainframe computer 20 together with a request 
to provide data to be put on the card. Thus the 
mainframe computer may be requested to provide the 
embossing and recording system with the account number 
name and details of the intended card holder. This is 

15 then transmitted from the mainframe computer 20 to the 
embossing and recording system 10 via data link 16. 

In accordance with the invention, the mainframe computer 
which receives the data as to the bar code 3, carries out 

20 suitable mathematical processing on the number 

represented by the bar code and on other numbers 
associated with the particular account or person to whom 
the card will be issued. The mathematical process or 
algorithm used may vary widely but is used to combine the 

25 invisible number from bar code 3 with data e.g. from the 
person's account number, and with a randomly generated 
PIN number which will be assigned to the cardholder. For 
example one form of mathematical processing may be to 
take the number represented by the bar code 3, add the 

30 person 1 s account number to it, multiply that sum by the 
randomly generated PIN number and discard all but the 
last three digits of the resulting large number. Those 
three digits can then be regarded as a checking number 
which is then fed back via data link 16 to the embossing 
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and recording system 10* The embossing and recording 
system may be arranged to record those three digits on to 
the magnetic stripe 2. 

The top right hand corner of the drawing shows 
diagraramatically the card after processing. It still has 
unchanged bar code 3, patch 4 and magnetic stripe 2. 



embossed thereon and is shown and this number and the 
10 check digits are recorded on magnetic stripe 2. The card 
may also be appropriately embossed or otherwise 
identified e.g. with the name of the cardholder and an 
expiry date* 

15 The so processed card can then be transmitted to the 

cardholder in the usual way while the mainframe computer 
20 (which of course knows the PIN number allotted to that 
customer) may generate a separate letter which the 
computer separately despatches to the cardholder advising 

20 him or her of the PIN number he or she has been assigned* 



Once the cardholder is in possession of the card, it can 
be used in the normal way. Although this is not 
indicated for the sake of clarity and drawing , the card 
25 may include a conventional signature strip and may be 

validated by signature comparison or using some form of 
on-line validation as is well known. However, because of 
the presence of bar code 3 in the card and patch 4 
further means of validation are now available. 

* * ■ * 

30 



The bottom of the attached drawing shows diagrammatically 
a self contained validator unit which may be located at 
any appropriate transaction processing station for 
example in a store, supermarket, restaurant or the like. 
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This unit has a slot 40 through which the card 1 may be 
swiped. Located either side of slot 40 within the 
validator unit are appropriate sensors for reading 
magnetic data on magnetic stripe 2 and the coded data on 
5 bar code 3. Patch 4 may be used in conjunction with the 
bar code to facilitate reading. For example if patch 4 
is of known width , the amount of time patch 4 is under a 
detector head may give an indication of appropriate 
clocking speed for reading the bar code, thus 
10 compensating for different swipe speeds. 

In practice, the card is first swiped through the slot 40 
and the cardholder is then invited to input his or her 
PIN number via a conventional keypad 4 1 . Keypad 4 1 is 

15 surrounded by scrieens 42,43 in order to minimise the 
chance of the PIN number being detected by a casual 
observer. There is no display of what PIN number has 
been entered but within the cabinet of the validator unit 
which includes slot 40 is an appropriately programmed 

20 integrated circuit. This is arranged to receive data 

read from the card and data input form- the keypad 41 and 
then to take the data read from the card (the account 
number from magnetic stripe 2 and the bar code 3) and 
combine it in the same way as the mainframe computer 20 

25 did when the card was being personalised, to generate a 
large number and therefor the three check digits by the 
system explained above. The circuit also contains 
comparison means to determine whether the three check 
digits so generated match the three check digits read 

30 from magnetic stripe 2. If they do, an indicator such as 
a bright light emitting diode 50 located on the side of 
the validator unit lights up green thus enabling the 
proposed transaction to be authorised while if they do 
not match, diode 50 lights red. 
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It can be seen from the above that validation is 
essentially carried out by the checking process indicated 
and using the appropriate algorithm. There is no need to 
refer to a mainframe computer. 



The validator unit shown at the bottom of the drawing may 
simply act as a transaction validator as indicated above 
or it may be more sophisticated. For example it may 
include large quantities of electronic memory enabling it 
to record details of each transaction for example the 
date the identity of the checkout store and perhaps of 
the checkout operator and perhaps other data enabling 
tracing to be carried out if it is subsequently decided 
that a use of particular card needs to be traced. The 
15 circuitry within the unit may also for example 

incorporate programming enabling detection of operation 
at unusual hours or to enable an unusual pattern of 
operation ta be detected, for example if repeated 
attempts are made to validate the same card using a 
20 succession of different PIN numbers as would occur if a 
member of a supermarket staff who had picked up a lost 
card but not declared that tried to find the PIN number 
related to that card by repeated trial and error. 

25 The validator unit may of course have means enabling it 
to be programmed or reprogrammed or enabling material 
stored by it to be downloaded for subsequent 
investigative processing. The unit must of course be 
rendered reasonably secure against tampering by any 

30 appropriate means including for example means erasing its 
programming if the casing is opened by an unauthorised 
person. 



An authentication card for securing financial 
transactions consisting of a card base, a magnetic 
strip having magnetically recorded data thereon and 
characterised by an additional coded mar king 
invisible to the naked eye but machine-readable • 

An authentication card according to Claim 1, wherein 
the additional coded marking is in the form of a bar 
code. 

An authentication card according to Claim 1 or 2, 
wherein the additional coded marking is readable 
using infra-red radiation. 

An authentication card according to any one of 
Claims 1 to 3, wherein the magnetic strip contains 

r 

as part of the magnetically recorded data a . 
plurality of check digits obtained by applying an 
algorithm to other data recorded on the magnetic 
strip and the additional coded ma rking. 

Validation apparatus for use with an authentication 
card and in accordance with any one of the prece din g 
claims and including means for reading data recorded 
magnetically on the magnetic strip on the card and 
means for inputting a personal identification 
number , and characterised by means for reading the 
data from the additional coded marking on the card 
and by a pre-programmed processing unit adapted to 
process data input from the magnetic stripe coded 
marking, the PIH number input and the additional 
coded marking and adapted to compare the results of 
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such processed data with data also recorded 
magnetically on the magnetic strip and display the 
results of such comparison* • • 

Validation apparatus according Claim 5_and including 
a channel along which the card may be moved, a. 
magnetic reading head adapted to read data from the 
magnetic stripe thereon and characterised by means 
for reading the additional coded marking thereon* 
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DK 

DK 

DK 

ES 

EB 



ES 
FI 
FI 
FI 
FR 
FR 
GB 
GB 
IT 
IT 
NL 
NO 
NO 
NO 



SE 
SE 
US 



A 

B 

Al 

C2 

A 

B 

C 

Al 

A5 

Al 

AS 

A 

B 

C 

Al 

Bl 

Al 

B2 

AO 

A 

A 

A 

B 

C 

A 

B 

C 

A 



423/79 
3B6903 



2901521 
224/79 
152865 
152865 
4B3966 
483966 
476979 
476979 
790170 
73842 
73842 
2415340 
2415340 
2013009 
2013009 
7919447 
1109496 
7900413 
790134 
161407 
161407 
7900473 
442457 
442457 
4214230 



15- 03 
10-11 

16- 05 

08- 06 
20-07 

24- 05 
10-10 
01-04 
12-04 

16- 06 

25- 06- 
20-07 
31-07- 

09- 11 

17- 08- 
19-09 
01-OB- 

10- 03 

19- 01- 
16-12 
23-07- 

20- O7 
02- 

09— 08 
20-07 
23-12 

10- 04- 
22-07 



88 
-88 
79 
89 
79 
•88 
88 
-80 
80 
80 
80 
79 
87 
87 
79 
86 
79 
82 
79 
85 
79 
79 



89 
79 
85 
86 
80 



